#! /usr/bin/perl

#use the HMTLSubs package
use HTMLSubs;

#use the cgi package
use CGI;

#use validation package
use ValidationSubs;

#use the md5 package to get the md5 version of the password
use Digest::MD5 qw(md5 md5_hex md5_base64);

#also enable strict mode
use strict;

#start by determining if any information was passed to the script so that the proper actions can be taken
#obtain the input 
my $input = obtain_input();

#if input is of length 0, proceed by displaying the login page
if(length($input) == 0){
	
	#call subroutine to display the full login/welcome page
	display_login();
}

#otherwise proceed to validate the login
else{
	
	#call method to split the full string into a hash of individual variables
	#this subroutine returns a reference to the submitted info hash
	my $ref_submitted_login = HTMLSubs->decode_input($input);
	
	#now call method to validate the login and take measures accordingly
	process_login($ref_submitted_login);
	
}

#subroutine to process the login information of the user
sub process_login{
	
	#obtain the login information from the parameter
	my $ref_submitted_login = $_[0];
	
	#dereference hash to local variable
	my %submitted_login = %$ref_submitted_login;
	
	#md5 the password
	my $hashed_password = md5_hex($submitted_login{'password'});
	
	#call subroutine to check information with database and take measures accordingly
	if(ValidationSubs->validate_login($submitted_login{'username'}, $hashed_password) == 1){
		
		#if correct, proceed to the main profile using the CGI modules redirect function
		#here the user is passed as a GET parameter as the information is not sensitive and can be implemented much more simply than using post
		print CGI -> redirect("profile.pl.cgi?username=$submitted_login{'username'}&groupSelected=&fileSelected=");
		
	}
	#otherwise display login page again with appropriate error message
	else{
		
		#create error message to be displayed
		my $main_error_message = "<h4><font color=\"red\">Invalid Username/Password Combination. <br>Please try again</font></h4>";
		
		#call subroutine to display the full login/welcome page
		display_login($main_error_message);
	}
}

#subroutine to display the full login site
sub display_login{
	
	#obtain potential messages
	my $error_text = $_[0];
	
	#start by calling the subroutine from the module to generate the beginning html code
	HTMLSubs->generate_html_beginning("Please Login");
	
	#now call the internal subroutine to display the html code for the login form and pass the error
	generate_login_html($ENV{'SCRIPT_NAME'}, $error_text);
	
	#lastly call subroutine to print the closing html tags
	HTMLSubs->generate_html_end();
}

#subroutine to generate the html code for the actual login form
sub generate_login_html{
	
	#obtain target
	my $form_target = $_[0];
	
	#get error
	my $error_text = $_[1];
	
	#now print the hmtl code
	print <<END_HTML;
	
	<div class="header">

	<div class="titles">
	<h1>Document Management System</h1>
	</div><!--titles-->

	<h2>Login</h2>

	<h3>You are not logged in</h3>


	<table class="tableheader">
	<tr class="trheader">
	<td class="tdheaderleft">
	</td>
	<td class="tdheaderright">
	</td>
	</tr>
	</table>
	</div><!--end of main header-->
	
	<!--main content-->
	<div class="content">
END_HTML

	#print any potential error messages passed to the subroutine and ensure that not too many <br> tags are printed
	#by determining if the length of the text is 0 or not
	if(length($error_text) != 0){
		print "$error_text<br>";
	}
	print <<END_HTML;
	<!-- place form in table for appearance formatting-->
		<table>
			<form action="$form_target" method=POST>
			<tr>
				<!-- username-->
				<td><p>Username:</p></td>
				<td><input type="text" name="username"></td>
			</tr>
			<tr>
				<!-- password-->
				<td><p>Password:</p></td>
				<td><input type="password" name="password"></td>
			</tr>
			<tr>
				<!-- submit button-->
				<td><br /><input type="submit" value="Login"></form></td>
			</tr>
			<tr>
				<!-- forgot password-->
				<td><br /><p><a href="forgotPassword.pl.cgi">Forgot Password?</a></p></td>
			</tr>
			<tr>
				<!-- new user-->
				<td><p><a href="newUser.pl.cgi">New User?</a></p></td>
			</tr>		
		</table>
		</div><!--end of content-->
END_HTML
	
}

#subroutine to obtain and determine what information is passed to the script
#to make this more universal, both GET and POST methods are accepted 
#this reads input for both GET and POST
sub obtain_input{

	#declare scalar to hold passed information
	my $input;

	#now retrieve the input through either get or post
	#change the case of request method
	$ENV{'REQUEST_METHOD'} =~ tr/a-z/A-Z/;

	#if post use STDIN
	if ($ENV{'REQUEST_METHOD'} eq "POST"){
		read(STDIN, $input, $ENV{'CONTENT_LENGTH'});

		#exchange plus signs to spaces
		$input =~ s/\+/ /;

		#deal with special characters using the substitution sample provided
		$input =~ s/\%([A-Fa-f0-9]{2})/pack('C', hex($1))/seg;
	}
	#otherwise the env hash
	else{
		$input = $ENV{'QUERY_STRING'};
		
		#exchange plus signs to spaces
		$input =~ s/\+/ /;
		
		#deal with special characters using the substitution sample provided
		$input =~ s/\%([A-Fa-f0-9]{2})/pack('C', hex($1))/seg;
	}
	
	#now return the correct input
	return $input;	
}



